File permission vulnerabilities and Module::Pluggable

[Simon Wistow]

Adam 'Alias' Kennedy has written a blog post about the 2009 CWE/SANS 25 
Most Dangerous Programming Errors

http://use.perl.org/~Alias/journal/38319

in it he singles out "CWE-732: Insecure Permission Assignment for 
Critical Resource"

http://cwe.mitre.org/data/definitions/732.html

and points out

"LOTS of Perl programs use Module::Pluggable, or have Plugin support of 
some kind (including Padre), which is an exploit waiting to happen if we 
aren't checking the permissions of the modules that we load.

I'm not sure if we already have something like this, but it would be 
interesting to see things like Module::Pluggable coming with CWE-732 
support by default (presumably with an option to disable it)."

So I've been thinking about adding that support however I'm slightly 
conflicted at the moment about how it should work which is down to two 
things -

1) At the moment M::P has no no-core dependencies so introducing one,
    especially since it's dual-lifed at the moment makes me pause.

The two solutions I can see immediately are

* Make it optional dependency and the functionality only available if
  File::PermissionCheck (or whatever it's called) is installed
* Make it part of the M::P distribution like Devel::InnerPackage.


2) I'm reluctant to turn that kind of checking on by default. Maybe if
    this was the first release of M::P but I'm worried about people
    upgrading and then stuff suddenly stopping working. This is
    especially bad if it's an optional dependency since then some other
    package could require it and a completely different module stops
    working.

Thoughts?

Simon